Created
June 1, 2020 12:04
-
-
Save ndbroadbent/997331f80962ebda1a1a02a19edc6ed8 to your computer and use it in GitHub Desktop.
Check for Debian updates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
namespace :system do | |
desc 'Check for security updates for Debian packages' | |
task check_security_updates: :environment do | |
return unless Rails.env.production? | |
Cronitor.run(ENV['CRONITOR_ID_CHECK_SECURITY_UPDATES']) do | |
stdout, stderr, status = Open3.capture3('apt-get update') | |
unless status.success? | |
raise "'apt-get update' failed! stdout:\n#{stdout}\nstderr:\n#{stderr}" | |
end | |
stdout, stderr, status = Open3.capture3('apt-get upgrade -s') | |
unless status.success? | |
raise "'apt-get upgrade -s' failed! stdout:\n#{stdout}\nstderr:\n#{stderr}" | |
end | |
raise "'apt-get upgrade -s' produced no output!" if stdout.blank? | |
updates = stdout.lines.select { |l| l.match?(/^Inst.*Security/) } | |
next if updates.none? | |
InternalSlackNotificationJob.perform_async( | |
channel: '#errors', | |
username: 'Security Updates Available', | |
text: "Security updates are available for Debian packages:\n\n#{updates.join}" | |
) | |
end | |
end | |
end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment